CVE-2026-25905
Description
The Python code executed by runPython or runPythonAsync is not isolated from the rest of the JS code, so any Python code can use the Pyodide APIs to modify the JS environment. This may allow an attacker to hijack the MCP server for malicious purposes, including MCP tool shadowing. Note: the mcp-run-python project is archived and unlikely to receive a fix.
Risk Information
Base Score: 5.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score (Exploitation Probability): 0.011
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Python-mcp-run-python 0.0.22 is affected by CVE-2026-25904 and CVE-2026-25905 | Windows |
| Python-mcp-run-python for Linux 0.0.22 is affected by CVE-2026-25904 and CVE-2026-25905 | Linux |
Patch Details
No records found
References